Operation Liberpy Collects More Than 2,000 Bots within Just Months

An HTTP-based keylogging botnet dubbed Operation Liberpy, which has been stealing data from end-users' computers since August 2014, hijacked over 2,000 PCs within just months, says security company ESET.

The company states that the infection was spread through USB devices. Every keystroke, along with mouse movements, was reported to a server that the hijackers controlled. During the campaign, fake e-mails were sent to potential victims with attachments that looked like package-tracking software. End-users whose computers were infected became members of the botnet, and their machines became fresh propagation sources that contaminated the USB sticks plugged into them.

Moreover, according to ESET, 98% of the infected bots were in Venezuela, with the malware apparently targeting Internet users there. When the IP addresses involved were categorized, as many as 2,047 bots were detected, 1,953 of them traced to Venezuela.

Given the attack's moniker, ESET started hunting for evidence associated with Liberpy and subsequently discovered one more .exe file with a similar name, "Liberty1-0.exe".

Notably, Liberpy is the name of a botnet that was built in Python. It communicates with its bots over port 80 using the HTTP protocol. Hence, outbound messages to the remote hijacker travel over a port that is among those used during normal Internet browsing. That port is commonly open in organizations, which lets any infected PC exchange messages with the central command-and-control infrastructure while eschewing certain exfiltration techniques.

According to ESET's research, the Liberpy botnet comprises computers running Windows 7, followed by Windows XP, which accounts for one-quarter of the impacted PCs, while the remaining ten percent of infections are spread across Windows Vista, Windows 8 and one lone computer running Windows Server 2012.

Liberpy still infects computers using the same technique as other malware families, namely VBS/Agent.NDH, JS/Bondat and Win32/Dorkbot: it hides all the data folders on a USB drive and replaces them with shortcuts. This propagation method has been the one seen most frequently in the region since 2011, and it remains a key propagation vector for malware.
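As an added illustration (not code from ESET or from this article), a defender-side check for the folder-to-shortcut swap described above: it flags hidden folders in a drive's root that have a same-named `.lnk` file beside them. The `Entry` type, the function names and the sample listing are constructed for this example, and matching the shortcut to the folder by name is an assumption.

```python
import os
import stat
from typing import Iterable, List, NamedTuple


class Entry(NamedTuple):
    name: str
    is_dir: bool
    hidden: bool


def find_shortcut_swaps(entries: Iterable[Entry]) -> List[str]:
    """Return hidden folders that have a same-named .lnk file beside them."""
    entries = list(entries)
    # Stems of shortcut files, lower-cased because FAT/NTFS names are
    # case-insensitive: "Photos.lnk" -> "photos".
    stems = {
        os.path.splitext(e.name)[0].lower()
        for e in entries
        if not e.is_dir and e.name.lower().endswith(".lnk")
    }
    return sorted(
        e.name for e in entries
        if e.is_dir and e.hidden and e.name.lower() in stems
    )


def scan_volume_root(root: str) -> List[str]:
    """Read a real drive root; the hidden bit is only exposed on Windows."""
    listing = []
    with os.scandir(root) as it:
        for d in it:
            attrs = getattr(d.stat(follow_symlinks=False), "st_file_attributes", 0)
            listing.append(Entry(d.name, d.is_dir(follow_symlinks=False),
                                 bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN)))
    return find_shortcut_swaps(listing)


# Constructed listing of a USB drive root (not data from the ESET report).
SAMPLE = [
    Entry("Photos", True, True), Entry("Photos.lnk", False, False),
    Entry("Invoices", True, True), Entry("INVOICES.LNK", False, False),
    Entry("Music", True, False), Entry("Music.lnk", False, False),
    Entry("System Volume Information", True, True),  # hidden, but no shortcut
    Entry("readme.txt", False, False),
]
```

On the sample, only `Invoices` and `Photos` are reported: a visible folder with a shortcut and a hidden system folder without one are both left alone.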

» SPAMfighter News - 8/4/2015
